Job Description
The primary function of an L3 Analyst is to ensure that the SOC team is performing its functions as required and to trouble shoot problematic incidents and events. In summary, the L3 Analyst shall also act as the technical SME and shall report technically to the L4 Analyst.
Responsibilities
• Work collaboratively with Account Manager for Client relations
• Track incident detection and closure.
• Execute risk hunting activities
• Undertake forensic investigations
• Act as subject matter expert and expert witness where required
• General intelligence advisories and delegate intelligence aggregation tasks to L2
• Generate new use cases for emerging threats
• Conduct incident response coordination with customer
• Validation of security incidents
• Conduct audits of logging and correlation
• Conduct monthly security use case review and correlation audits
• Use of sandbox, honeypot, analytics tools and security testing
• Escalation Management
• Ensure process compliance
• Ensure quality of investigations and notification and direct L2 and L1 accordingly
• Report deviations to SOC manager and L4
• Ensure SLA compliance for projects within remit
• Perform deep analysis to security incidents to identify the full kill chain
• Setup weekly meeting to review the weekly reports with the client
• Respond to client’s requests, concerns and suggestions
• Act as subject matter expert for different clients
• Provide knowledge to L1 and L2 such as guides, cheat sheets etc
• Follow up with the recommendations to the client to contain an incident or mitigate a threat
• Conduct presentations and updates to the client
• Respond to incident escalations and provide solid recommendations
• Update aging incidents and requests
• Track SOC performance in terms of SLAs and incidents quality
• Review vulnerability assessment reports with the client and provide necessary recommendations
• Configure and maintain vulnerability scanners policies and reports
• Conduct threat hunting exercises on SIEM and EDR platforms
• Conduct penetration testing on web applications, mobile applications, servers (Windows/Linux) and wireless infrastructure
• Develop and improve processes for monitoring and incident qualification
• Perform quarterly evaluation for L1 and L2 analysts and report feedback to SI management
• Participate in professional services (internal and external penetration testing, wireless assessments, web and mobile application assessments, firewall and server security audits, social engineering exercises, security awareness programs etc.)
• Perform threat intelligence analysis and investigations. Search on the darkweb and using other platforms such as RF to identify intelligence indicators or threats for a specific client
• Create reports for threat intelligence as a service
Essential Skills
• Experience with Security Information Event Management (SIEM) tools, creating advanced co-relation rules, administration of SIEM, system hardening, and Vulnerability Assessments
• Should have expertise on TCP/IP network traffic and event log analysis
• Knowledge and hands-on experience with LogRhythm, QRadar, Arcsight, Mcafee epo, NetIQ Sentinel or any SIEM tool
• Knowledge of ITIL disciplines such as Incident, Problem and Change Management
• Configuration and Troubleshooting experience on Checkpoint, Cisco, Fortigate, PaloAlto and Sonicwall firewalls would be an added advantage
• Knowledge and hands-on experience of implementation and management of IDS/IPS, Firewall, VPN, and other security products